Is the problem still there???
SmitFraudFix v2.378
Scan done at 23:55:32.81, Tue 01/27/2009
Run from C:\Documents and Settings\أبو تميم\My Documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DE0DB2F-EFC7-487D-B420-CA40F3E1E883}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DE0DB2F-EFC7-487D-B420-CA40F3E1E883}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0DE0DB2F-EFC7-487D-B420-CA40F3E1E883}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
******** 08-12-09.03 - أبو تميم 12/10/2008 19:13:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.473 [GMT 3:00]
Running from: c:\documents and settings\أبو تميم\سطح المكتب\********.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\أبو تميم\Application Data\inst.exe
c:\documents and settings\All Users\قائمة ابدأ\البرامج\ADSTechnology
c:\documents and settings\All Users\قائمة ابدأ\البرامج\ADSTechnology\ADSTechnology.lnk
c:\documents and settings\All Users\قائمة ابدأ\البرامج\ADSTechnology\Uninstall.lnk
c:\program files\ActivationManager
c:\program files\ActivationManager\Uninstall.exe
c:\program files\ADSTechnology
c:\program files\ADSTechnology\ADSTechnology.dll
c:\program files\ADSTechnology\ADSTechnology.exe
c:\program files\ADSTechnology\Uninstall.exe
c:\program files\Windows Live\Messenger\msimg32.dll
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 16:17 910,880 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-12-10 16:17 22,582,816 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-10 16:13 --------- d-----w c:\program files\cFosSpeed
2008-12-10 16:13 --------- d-----w c:\documents and settings\أبو تميم\Application Data\DMCache
2008-12-10 16:11 --------- d-----w c:\documents and settings\أبو تميم\Application Data\TeraCopy
2008-12-10 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-10 14:30 90,284 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-10 14:30 311,036 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-10 14:18 --------- d-----w c:\documents and settings\أبو تميم\Application Data\uTorrent
2008-12-10 03:33 --------- d-----w c:\program files\Bit Che
2008-12-08 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-12-08 00:21 --------- d-----w c:\documents and settings\أبو تميم\Application Data\Grisoft
2008-12-03 01:45 --------- d-----w c:\program files\Easy RM to MP3 Converter
2008-12-03 00:58 --------- d-----w c:\documents and settings\أبو تميم\Application Data\Thinstall
2008-12-03 00:51 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 18:16 --------- d-----w c:\documents and settings\أبو تميم\Application Data\Nokia
2008-11-27 17:54 --------- d-----w c:\documents and settings\أبو تميم\Application Data\PC Suite
2008-11-27 02:37 --------- d-----w c:\program files\Abadisoft
2008-11-26 13:10 --------- d-----w c:\program files\JetAudio
2008-11-21 16:07 --------- d-----w c:\program files\Boilsoft Video Splitter
2008-11-17 13:42 --------- d-----w c:\program files\Hotspot_Shield
2008-11-16 18:28 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
2008-11-16 18:27 --------- d-----w c:\program files\Torrent Harvester
2008-11-16 18:27 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-16 18:27 --------- d-----w c:\program files\BitComet
2008-11-13 17:21 131,584 ----a-w c:\windows\system32\SpoonUninstall.exe
2008-11-12 22:04 --------- d-----w c:\documents and settings\أبو تميم\Application Data\MozillaControl
2008-11-09 16:27 --------- d-----w c:\program files\SopCast
2008-11-06 20:43 --------- dc-h--w c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-06 20:43 --------- d-----w c:\documents and settings\أبو تميم\Application Data\Uniblue
2008-11-04 18:50 --------- d-----w c:\documents and settings\All Users\Application Data\SRS Labs
2008-11-04 18:49 --------- d-----w c:\program files\SRS Labs
2008-11-02 19:35 --------- d-----w c:\program files\Realtek AC97
2008-11-01 18:59 --------- d-----w c:\documents and settings\أبو تميم\Application Data\Vso
2008-11-01 16:26 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-01 16:26 47,360 ----a-w c:\documents and settings\أبو تميم\Application Data\pcouffin.sys
2008-11-01 16:26 --------- d-----w c:\program files\VSO
2008-11-01 14:23 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-10-25 16:03 82,380 ----a-w c:\windows\system32\drivers\AFS2K.SYS
2008-10-25 16:03 --------- d-----w c:\program files\Hewlett-Packard
2008-10-25 15:59 --------- d-----w c:\program files\HP
2008-10-25 15:58 --------- d-----w c:\program files\Common Files\Adobe
2008-10-25 15:58 --------- d-----w c:\documents and settings\أبو تميم\Application Data\InterTrust
2008-10-24 15:23 --------- d-----w c:\documents and settings\أبو تميم\Application Data\dvdcss
2008-10-18 03:18 --------- d-----w c:\program files\Simple DNS Plus
2008-10-17 10:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-17 10:08 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-10-17 10:08 --------- d-----w c:\documents and settings\أبو تميم\Application Data\CyberLink
2008-10-16 05:13 --------- d-----w c:\documents and settings\أبو تميم\Application Data\TeamViewer
2008-10-15 10:51 --------- d-----w c:\documents and settings\All Users\Application Data\JH Software
2008-10-15 09:00 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-15 08:48 --------- d-----w c:\program files\ExtraTools
2008-10-11 12:48 --------- d-----w c:\program files\Google
2008-10-10 21:40 --------- d-----w c:\program files\FormatFactory
2008-09-14 22:37 218,624 ----a-w c:\windows\system32\uxtheme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [08/20/2008 11:03 PM 1780248]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
08/20/2008 11:03 PM 1780248 --a------ c:\program files\P2P_Torrent\tbP2P_.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
06/24/2008 11:17 PM 1569304 --a------ c:\program files\Hotspot_Shield\tbHots.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [08/20/2008 11:03 PM 1780248]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P_.dll" [08/20/2008 11:03 PM 1780248]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHots.dll" [06/24/2008 11:17 PM 1569304]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [05/13/2008 12:33 AM 2594224]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [11/12/2008 09:03 PM 3215360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [08/04/2004 12:56 AM 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [08/16/2007 04:19 PM 5728112]
"Google Update"="c:\documents and settings\أبو تميم\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [11/13/2008 08:12 PM 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [12/10/2007 10:12 AM 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [01/13/2007 09:47 AM 163840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [01/13/2007 09:47 AM 131072]
"Persistence"="c:\windows\system32\igfxpers.exe" [01/13/2007 09:46 AM 135168]
"Simple DNS Plus"="c:\program files\Simple DNS Plus\sdnsplus.exe" [07/09/2008 10:23 PM 195792]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24 AM 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [10/23/2003 07:51 PM 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [09/01/2003 02:42 PM 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [05/21/2003 06:37 PM 229437]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [11/07/2008 12:14 AM 867544]
"abadisoft.winutility"="c:\program files\Abadisoft\WinUtility\\Abadisoft.WinUtilites.exe" [01/20/2008 06:37 PM 2022400]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\zyzoom.exe" [11/03/2007 04:50 AM 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [08/04/2004 12:56 AM 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/07/2007 05:35 PM 1294336]
c:\documents and settings\أبو تميم\قائمة ابدأ\البرامج\بدء التشغيل\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
PowerReg Scheduler.exe [2008-07-28 243200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Simple DNS Plus\\sdnsmain.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20228:TCP"= 20228:TCP:BitComet 20228 TCP
"20228:UDP"= 20228:UDP:BitComet 20228 UDP
"7848:TCP"= 7848:TCP:BitComet 7848 TCP
"7848:UDP"= 7848:UDP:BitComet 7848 UDP
"62626:TCP"= 62626:TCP:BitComet 62626 TCP
"62626:UDP"= 62626:UDP:BitComet 62626 UDP
R2 sdnsplus;Simple DNS Plus;"c:\program files\Simple DNS Plus\sdnsmain.exe" [2008-10-15 546816]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-12-10 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\# []
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Download All with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Download FLV video content with Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {0DE0DB2F-EFC7-487D-B420-CA40F3E1E883} = 127.0.0.1
O16 -: ANB Direct - hxxp://www.anb.com.sa/onlinebanking/classes.cab
c:\windows\Downloaded Program Files\ANB Direct.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
O16 -: {630F2610-7654-11D1-83E3-0080C71A8794} - hxxp://www.anb.com.sa/arabic/onlinebanking/anb.cab
c:\windows\Downloaded Program Files\install-retail.inf
FireFox -: Profile - c:\documents and settings\أبو تميم\Application Data\Mozilla\Firefox\Profiles\tlofd97c.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF -: plugin - c:\documents and settings\أبو تميم\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-10 19:17:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\GTGina.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(644)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
.
Completion time: 12/10/2008 19:19:17
********-quarantined-files.txt 2008-12-10 16:18:56
Pre-Run: 8,641,863,680 bytes free
Post-Run: 8,854,253,568 bytes free
214 --- E O F --- 2008-11-13 15:23:08
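Added example, not part of the posted logs and not code from SmitFraudFix or the ComboFix author: a small Python triage helper that reads ComboFix-style "Reg Loading Points" lines and flags the entry types a reviewer checks first, namely Image File Execution Options "Debugger" values (a documented way to make one executable launch in place of another), Winlogon values that differ from their XP defaults, Security Center "DisableMonitoring" flags, globally open firewall ports, and services whose ImagePath is not an absolute path. The sample input is constructed by copying lines from the log above; the severity labels and rules are this example's own heuristics and mark items for review, not verdicts (a third-party antivirus registering DisableMonitoring under Security Center, for instance, is how it tells Security Center it handles its own alerts).

```python
"""Heuristic triage of ComboFix-style registry autorun listings (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log above, not a live read.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20228:TCP"= 20228:TCP:BitComet 20228 TCP
"62626:UDP"= 62626:UDP:BitComet 62626 UDP
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
R2 sdnsplus;Simple DNS Plus;"c:\program files\Simple DNS Plus\sdnsmain.exe" [2008-10-15 546816]
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (this example's own labels)
    key: str
    detail: str


KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix service line: "R2 name;display;"image" [date size]"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);"?([^"\[]+?)"?\s*\[')
# XP defaults for the Winlogon values this helper checks (lower-cased).
WINLOGON_DEFAULTS = {"system": "", "shell": "explorer.exe"}


def _unquote(v):
    v = v.strip()
    return v[1:-1] if len(v) >= 2 and v[0] == v[-1] == '"' else v


def _dword(v):
    m = re.match(r"dword:([0-9a-fA-F]{8})$", v)
    return int(m.group(1), 16) if m else None


def _absolute(path):
    # Drive-letter, \SystemRoot, \??\ and the usual relative "system32\" form are accepted.
    return bool(re.match(r"^([a-z]:\\|\\systemroot\\|\\\?\?\\|%systemroot%|system32\\)", path.strip().lower()))


def triage(text):
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, _display, image = m.groups()
            if not _absolute(image):
                findings.append(Finding("medium", name, f"service {name} ({state}) image path not absolute: {image}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), _unquote(m.group(2))
        k, n = key.lower(), name.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if "image file execution options\\" in k and n == "debugger":
            findings.append(Finding("high", key, f"IFEO Debugger for {leaf}: launching it runs '{value}' first"))
        elif k.endswith("\\winlogon") and n in WINLOGON_DEFAULTS:
            if value.lower() != WINLOGON_DEFAULTS[n]:
                findings.append(Finding("high", key, f"Winlogon {name} is '{value}', expected '{WINLOGON_DEFAULTS[n]}'"))
        elif "security center\\monitoring" in k and n == "disablemonitoring" and _dword(value):
            findings.append(Finding("medium", key, f"Security Center monitoring disabled for {leaf}"))
        elif "globallyopenports" in k:
            findings.append(Finding("info", key, f"inbound firewall exception: {value}"))
        elif "\\services\\" in k and n == "imagepath" and not _absolute(value):
            findings.append(Finding("medium", key, f"service ImagePath not absolute: '{value}'"))
    return findings


def summarize(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity}] {f.detail}")
    print(summarize(triage(SAMPLE)))
```

On the sample the helper reports the two IFEO Debugger entries as high, the OMSCAN ImagePath and the Security Center entry as medium, the two open ports as info, and stays silent on the empty Winlogon System value and the Simple DNS Plus service, which is the point: it narrows a long listing to the handful of lines worth a human look.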